package com.nut.config;

import com.nut.service.UserServiceImpl;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;

import javax.sql.DataSource;

/**
 * @ author : HyoJoo-W
 * @ createDate : 2021-05-09 15:30
 * @ Description : config
 */

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter
{
    @Autowired
    private MyAccessDeniedHandler myAccessDeniedHandler;

    @Autowired
    private UserServiceImpl userService;

    @Autowired
    private DataSource dataSource;

    @Autowired
    private PersistentTokenRepository persistentTokenRepository;

    @Bean
    public PasswordEncoder pw()
    {
        return new BCryptPasswordEncoder();
    }

    @Bean
    public PersistentTokenRepository getPersistentTokenRepository()
    {
        JdbcTokenRepositoryImpl jdbcTokenRepository = new JdbcTokenRepositoryImpl();
        jdbcTokenRepository.setDataSource(dataSource);
        //第一次启动时建表存储(后面启动时需要注释)
        //jdbcTokenRepository.setCreateTableOnStartup(true);
        return jdbcTokenRepository;

    }

    @Override
    protected void configure(HttpSecurity http) throws Exception
    {
        //认证
        http.formLogin()
                //自定义登录页面
                .loginPage("/login.html")
                //自定义登录逻辑
                .loginProcessingUrl("/login")
                //登录成功后跳转页面(必须为post方式)
                .successForwardUrl("/toMain")
                //自定义登录成功跳转Handler
                //.successHandler(new MyAuthenticationSuccessHandler("http://www.baidu.com"))
                //登录失败跳转
                .failureForwardUrl("/toError")
                //自定义失败跳转Handler
                //.failureHandler(new MyAuthenticationFailureHandler("/error.html"))
                //自定义登录参数映射
                .usernameParameter("anyusername")
                .passwordParameter("anypassword");

        //授权
        http.authorizeRequests()
                //放行登录页面
                .antMatchers("/login.html").permitAll()
                //放行登录失败页面
                .antMatchers("/error.html").permitAll()
                .antMatchers("/**/*.jpg").permitAll()
                //.antMatchers("./main1.html").hasAuthority("admin")
                //.antMatchers("/main1.html").hasRole("ad")
                //.antMatchers("./main1.html").hasIpAddress("127.0.0.1")
                //拦截所有请求都必须认证
                .anyRequest().authenticated();
                //.anyRequest()
                //.access("@myServiceImpl.hasPermission(request,authentication)");
        //异常403处理
        http.exceptionHandling().accessDeniedHandler(myAccessDeniedHandler);

        //关闭防火墙
        http.csrf().disable();

        //开启记住我功能
        http.rememberMe()
                //自定义失效时间(单位: s)
                //.tokenValiditySeconds(60)
                //自定义登录逻辑
                .userDetailsService(userService)
                //数据持久层对象
                .tokenRepository(persistentTokenRepository);

        //退出登录
        http.logout().logoutSuccessUrl("/login.html");

    }
}
